Apache Cordova App Harness Targeted in Dependency Confusion Attack

By: Newsroom — April 23^rd 2024 at 14:00

Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a malicious package with the same name to a public package repository. This&

The Hacker News

Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers

By: Newsroom — March 5^th 2024 at 03:34

A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3. “The

Naked Security

Apple pushes out iOS security update that’s more tight-lipped than ever

By: Paul Ducklin — December 2^nd 2022 at 21:02

We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...

FreshRSS

Apache Cordova App Harness Targeted in Dependency Confusion Attack

Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers

Apple pushes out iOS security update that’s more tight-lipped than ever